Systems, methods, and apparatuses for sharing rights

ABSTRACT

A method of sharing rights includes, using one or more processors, at the request of a first user, granting a right of the first user to a second user, contingent upon consent of the second user. Rights may be shared between any two parties on an individual basis. Corresponding systems, apparatuses and articles of manufacture are provided. Such methods, systems, apparatuses and articles of manufacture may be implemented using a client-server arrangement.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority under 35 USC §119(e)(1) of ProvisionalApplication No. 61/764,822, filed Feb. 14, 2013, incorporated herein byreference.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH

Not applicable.

TECHNICAL FIELD OF THE DISCLOSURE

The present disclosure relates generally to methods, systems,apparatuses and articles of manufacture for sharing rights. Moreparticularly, the disclosure relates to methods, systems, apparatusesand articles of manufacture for sharing rights via a social networkusing a server and clients, where rights may be shared between any twoparties on an individual basis.

BACKGROUND

Traditional social media permit individuals to establish socialrelationships with one another in only rigid, delimited ways. Typically,such a relationship is established by a user assigning another user to acategory or group, e.g., “friends,” “family,” or “acquaintances.” Theterms of the relationship between any two users are defined by thecategory or group. For example, all users assigned by a given user tothe category of “friends” may be permitted access to a certain set ofinformation of the given user, while all users assigned by the givenuser to the category of “family” may be permitted to access a differentset of information of the given user. It is generally not possible toestablish an individualized relationship, i.e., a relationship with auser based on that individual user; rather, it is only possible toestablish relationships based on the group or category to which theindividual user is assigned. For example, a given user cannot establisha relationship with individual A permitting individual A to access set Aof information, a relationship with individual B permitting individual Bto access set B of information, and so on. Also, it is generally notpossible to establish any relationships other than the relationshipsthat are pre-defined according to the pre-defined categories of theparticular social medium (e.g., Facebook®); in other words, it is notpossible to establish customized relationships. For example, a givenuser cannot select which information to share with his or her “friends”;rather, the particular social medium dictates that all of the givenuser's friends have access to a pre-defined, specified set ofinformation of the given user.

In addition, traditional social media permit and facilitaterelationships generally for the purpose of personal social interaction,e.g., for the purpose of recreation or entertainment, professionalnetworking, etc. These media typically do not provide resources forestablishing relationships for the purpose of facilitating practicalutility, e.g., increasing efficiency in the workplace and/or in theeconomy at large. One reason for this is that traditional social mediagenerally permit and facilitate the sharing of rights to access limitedtypes of information, but not other types of rights, e.g., rights toperform other kinds of actions.

SUMMARY

Embodiments of the present invention provide systems, methods,apparatuses, and articles of manufacture for sharing rights, whichaddress the above-discussed limitations in the prior art.

According to a first aspect of the invention, there is provided a methodof sharing rights, the method including, using one or more processors,at the request of a first user, granting a right of the first user to asecond user, contingent upon consent of the second user.

According to a second aspect of the invention, there is provided anarticle of manufacture including a non-transitory machine-readablemedium containing instructions that, when executed, enable aprocessor-based system to: at the request of a first user, grant a rightof the first user to a second user, contingent upon consent of thesecond user.

According to a third aspect of the invention, there is provided a systemfor sharing rights, the system including a server, the server includingone or more processors and memory coupled to the one or more processors.The memory contains executable instructions that, when executed, enablethe one or more processors, in communication with one or more clientdevices, to: at the request of a first user, grant a right of the firstuser to a second user, contingent upon consent of the second user.

Other embodiments are described and claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The following figures form part of the present specification, areincluded to further demonstrate certain aspects of the present claimedsubject matter, and should not be used to limit or define the presentclaimed subject matter. The claimed subject matter may be betterunderstood by reference to one or more of these drawings in combinationwith the description of embodiments presented herein. Consequently, amore complete understanding of the present embodiments, includingfeatures and advantages thereof, may be acquired by referring to thefollowing description taken in conjunction with the accompanyingdrawings, in which like reference numerals may identify like elements,wherein:

FIGS. 1A-1E illustrate screenshots showing selected operations of asystem for sharing rights in accordance with at least some embodiments;

FIGS. 2A and 2B illustrate methods for sharing rights in accordance withat least some embodiments;

FIG. 3 illustrates a computer system, or a portion thereof, forimplementing systems, methods, apparatuses, and articles of manufacture,or portions thereof, in accordance with at least some embodiments; and

FIGS. 4A-4E illustrate further computer systems, or portions thereof,for implementing systems, methods, apparatuses, and articles ofmanufacture, or portions thereof, in accordance with at least someembodiments.

NOTATION AND NOMENCLATURE

Certain terms are used throughout the following description and claimsto refer to particular system components and configurations. As oneskilled in the art will appreciate, the same component may be referredto by different names. This document does not intend to distinguishbetween components that differ in name but not function. In thefollowing discussion and in the claims, the terms “including” and“comprising” are used in an open-ended fashion, and thus should beinterpreted to mean “including, but not limited to . . . .”

DETAILED DESCRIPTION

The foregoing description of the figures is provided for the convenienceof the reader. It should be understood, however, that the embodimentsare not limited to the precise arrangements and configurations shown inthe figures. Also, the figures are not necessarily drawn to scale, andcertain features may be shown exaggerated in scale or in generalized orschematic form, in the interest of clarity and conciseness. The same orsimilar parts may be marked with the same or similar reference numerals.

While various embodiments are described herein, it should be appreciatedthat the present invention encompasses many inventive concepts that maybe embodied in a wide variety of contexts. The following detaileddescription of exemplary embodiments, read in conjunction with theaccompanying drawings, is merely illustrative and is not to be taken aslimiting the scope of the invention, as it would be impossible orimpractical to include all of the possible embodiments and contexts ofthe invention in this disclosure. Upon reading this disclosure, manyalternative embodiments of the present invention will be apparent topersons of ordinary skill in the art. The scope of the invention isdefined by the appended claims and equivalents thereof.

Illustrative embodiments of the invention are described below. In theinterest of clarity, not all features of an actual implementation aredescribed in this specification. In the development of any such actualembodiment, numerous implementation-specific decisions may need to bemade to achieve the design-specific goals, which may vary from oneimplementation to another. It will be appreciated that such adevelopment effort, while possibly complex and time-consuming, wouldnevertheless be a routine undertaking for persons of ordinary skill inthe art having the benefit of this disclosure.

Embodiments of the present invention provide systems, methods,apparatuses, and articles of manufacture, implemented using, e.g.,computerized devices and communication networks, for establishingcustomizable, individualized functional relationships between users of asocial medium. By “functional” is meant that a relationship facilitatespractical utility. Such a functional relationship may be defined by theright(s) shared between the so-related users (or the right(s) granted byone user to another user). These rights may include, among others,rights to access information and rights to perform other kinds ofactions. Such a right may require, legally or pursuant to other (e.g.,professional, ethical, etc.) rules or norms, or on other grounds,authorization given by another, authorizing performance of the specificaction, possibly under certain specified conditions. The sharing of aright may constitute the granting of such authorization by the other. Insome cases, the right may be a right of one party to the functionalrelationship to perform an action on behalf of another party to therelationship, e.g., in the manner of or similar to an action performedby an agent on behalf of a principal.

In short, in the context of the instant disclosure, a right is a rightto perform an action (in many cases, the action is an action requiringauthorization). The term “action” is to be understood in a broad sensecorresponding to grammatical actions rather than merely physical orbodily actions; thus, a right to access information is deemed to be aright to perform an action, viz., accessing information. Such rights maybe shared among different parties (users), that is, a right may begranted by one party to another party (and a granted right may berevoked, or unshared, as discussed below). Accordingly, systems,methods, apparatuses, and articles of manufacture described herein maybe referred to as rights sharing systems, methods, apparatuses, andarticles of manufacture.

It should also be noted that, while for convenience the discussionherein may frequently refer to individuals or users as sharing rightsand revoking shared rights, the instant disclosure is of course notlimited to individuals or individual users, but is applicable to anykind of parties, e.g., groups of individuals, legal persons (e.g.,corporations, etc.), other entities, or groups of the foregoing.Accordingly, statements using the terms “user” or “individual” should beunderstood as permitting of extrapolation to other kinds of parties, insuch broad fashion.

Further, the above-mentioned systems, methods, apparatuses, and articlesof manufacture may control not only the sharing of rights but also theexercise of rights, e.g., the performance of actions requiringauthorization, by putatively authorized users. For example, such asystem may be designed such that: any sharing of a right is necessarilyexecuted via the system; the transaction (i.e., the sharing of theright) is recorded by the system; and the exercise of any shared rightis contingent upon authorization by the system, the authorization beinggiven if the system determines based on its records of transactions thatthe user requesting to exercise the shared right is authorized toexercise the shared right, i.e., has been granted the right by the useron behalf of whom s/he requests to act. In this regard, not only mayusers seek authorization to exercise a shared right, but the system maybe designed such that third parties may seek confirmation from thesystem as to whether a user is authorized to exercise a (putativelyshared) right.

The system may also be designed to require authentication (orauthorization) of every user prior to permitting the user (i) to share aright, and/or (ii) to receive a shared right. Such authentication (orauthorization) could be for the purpose of verifying the identity of theuser, the purpose of verifying the credentials of the user, or foranother purpose.

With regard to performing transactions (the sharing of rights), thesystem may (i) receive, from a granting user, a notification of arequest to grant (i.e., share) a right by the granting user to arecipient user, (ii) transmit, to the recipient user, a notification ofthe request by the granting user to grant the right to the recipientuser, (iii) permit the recipient user to reply to (accept or decline(refuse)) the request to grant the right, (iv) receive the reply(acceptance or refusal of the request to grant the right) from therecipient user, and (v) transmit a notification of the reply to thegranting user. If the recipient user accepts the request to grant theright, the system deems the right granted to the recipient user andassociates the right with the recipient user. If the recipient userdeclines the request to grant the right, the system deems the right notgranted to the recipient user and does not associate the right with therecipient user. The system may also transmit to the granting usernotification of the granting or non-granting of the right, as the casemay be. This notification may be deemed equivalent to, and hencetantamount to, the notification of the reply (acceptance or refusal) tothe granting user.

It is noted that the term “accept” (and grammatical variants thereof)are used interchangeably herein with the term “consent to” (andgrammatical variants thereof); likewise, the opposing terms “decline,”“refuse,” and “does not consent to” (and grammatical variants thereof)are used interchangeably herein. Also, the terminology “share a rightwith” and “grant a right to” (and grammatical variants thereof) are usedinterchangeably herein, and the opposing terms “unshare a right” and“revoke a right” (and grammatical variants thereof) are usedinterchangeably herein.

It is further noted that the term “grantor” refers to a party who hassuccessfully granted a right, and the term “grantee” refers to a partywho has successfully been granted a right. In contrast, the term“granting user” refers to a party who requests to grant a right, and theresult of the request may be a successful grant of the right or anunsuccessful grant of the right. Similarly, the terms “receiving user”or “recipient user” (the two terms are used interchangeably) refer to aparty to whom a granting user requests to grant a right, and the resultof the request may be a successful grant of the right (the receivinguser accepts the grant) or an unsuccessful grant of the right (thereceiving user declines the grant).

It should be noted that the system may be designed so that not only mayrights be granted (shared), but also granted rights may be revoked(unshared). Moreover, both the grantor and the grantee may be providedwith the ability to revoke a right granted by the grantor to thegrantee. Although in the real world revocation by the grantee is notusually contemplated, in the context of the instant disclosure thegrantee may revoke (give up, give back to the grantor) the grantedright. Possible reasons the grantee may revoke a right may be, forexample, that the grantee no longer wishes to have the granted right,the grantee is no longer able to perform the action defined by theright, etc. Accordingly, revocations of granted rights may also bedeemed “transactions.” The system may perform revocations, e.g., by (i)receiving, from a grantor or a grantee, a notification of a revocationof a granted right, (ii) transmitting, to the grantee or the grantor,respectively, the notification of the revocation, and (iii) deeming thegranted right revoked (i.e., no longer granted) and dissociating thenow-revoked right from the grantee.

With regard to the recording of the transactions, the system may recordand store records of the transactions in one or more databases. Datadefining each transaction may be recorded. For example, where thetransaction is a request to grant a right, the following data may berecorded: the granting user, the receiving user, the right subject togrant, the reply of the receiving user (acceptance or refusal), and thestatus of the right (granted or not granted); where the transaction is arevocation of a right, the following data may be recorded: the grantor,the grantee, the right revoked, and the revoking party. In addition,other data pertaining to a transaction may be recorded, e.g., the dateand time of the transaction, and other information. Of course, the abovedata may additionally or alternately be recorded in other formats ororderings. For example, while the above description of the recorded datamay be understood as being from the ‘point of view’ of the transaction,the recorded data may also be set down from the ‘point of view’ of theresult of the transaction, viz., the granted, refused or revoked right.For example, the recorded data may include: the granted rights, eachgranted right being defined by the right granted, the granting user, andthe receiving user; the refusals of requests to grant rights, eachrefusal being defined by the right refused, the granting user, and thereceiving (refusing) user; and the revoked rights, each revoked rightbeing defined by the right revoked, the grantor, the grantee, and therevoking party. Of course, the system may record less or more data thandescribed above.

The system may be designed such that, prior to accepting a user'srequest to share (grant) a right with (to) another, the right inquestion must have been associated with the granting user by the system.That is, where a user requests to share a right not associated with theuser, the system would not permit the user to request to share theright. In this situation, the system may permit the user (subject to theconstraints discussed below) to associate the right with him/herself atthis time, in order for the user to proceed with the request to sharethe right.

It will be noted that a right may be either pre-defined by the system orcreated (formulated) by a user. The ability of a user to create orformulate his or her own rights is what is meant by saying, as above,that the system permits customizable functional relationships. Ofcourse, the system need not be designed such as to admit of both ofthese types of rights, but could be limited to one of them.

With respect to rights pre-defined by the system, the system may bedesigned such that, for all users or for any group of users, the systemautomatically associates all such pre-defined rights of the respectiveuser with the respective user. (As will be discussed below, the systemmay perform this automatic association based on comparing the criteriaof the user with the various sets of criteria for the respective rights,both of which may have been inputted into and stored in the system.) Asan alternative to this automatic associating performed by the system,the system may be designed in such a way that the user is permitted toselect pre-defined rights as belonging to him/her, e.g., from a menu ofpre-defined rights. As compared to this user selection of pre-definedrights, the automatic associating, performed by the system, ofpre-defined rights with the user may be simpler and more convenient forthe user.

With respect to user-created/formulated rights, the system may bedesigned so that, after creating/formulating a right, the user may(subject to the constraints discussed below) associate the right withhim/herself.

With respect to both pre-defined rights and user-created/formulatedrights, the system may be designed so that users are permitted to haveonly rights to which they are entitled under the law or pertinent rules,norms, etc. This may be accomplished, e.g., using a database of rights,where each right is associated with criteria that a user must satisfy inorder to have the right, and a database of users, where each user isassociated with the criteria that s/he satisfies. Assignment of a rightto a user (whether the right is a pre-defined right associated with auser automatically by the system, the right is a pre-defined rightselected by a user, the right is created/formulated by a user, or theright is granted to a user by another user) would be permitted only ifthe user satisfies the criteria for that particular right. Thedetermination of which criteria must be satisfied in order for a givenright to be assigned to a user may be made on the basis of the pertinentlaws, rules, etc. Such determinations may be made prior to, orindependently of, actual operation of the system. The determinedcriteria may be inputted into the system prior to, or independently of,actual operation of the system, and may be stored in association withthe corresponding rights. The determination of which criteria a givenuser satisfies may be made on the basis of the above-mentionedauthentication/authorization process (e.g., verification ofcredentials). It is also possible to make such determinations prior to,or independently of, actual operation of the system, e.g., where theusers' respective criteria or credentials are provided to the system inadvance of the user's use of the system. In view of the abovediscussion, it will be understood that assignment of rights to a user inthe context of the system does not actually endow the user with rightsin the real world (e.g., under pertinent laws, rules, etc.) but rathermerely gives the user rights within the system. The system may bedesigned such that the rights assigned to the user within the system donot exceed or conflict with the rights belonging to the user in the realworld. For example, where in the real world, e.g., under the law, theright to write a prescription is limited to those credentialed asmedical doctors, the system may prevent the assigning of the right towrite a prescription to any party other than a credentialed medicaldoctor.

A right may be characterized as comprising, or defined by, multiplecomponents: (i) the authorized action; (ii) the authorized objects ofthe action; (iii) the parties bound by the action; and (iv) theconditions imposed upon the right. Not every right will necessarily haveall of these components. While the plural has been used for components(ii)-(iv) above, it is possible in any given case that only a single oneof any of these components exists. For simplicity, it is assumed that aright is characterized by a single type of action, but of course it ispossible for a right to be characterized by multiple different kinds ofactions (i.e., A could grant B the right to perform actions X, Y and Z).

Another way of characterizing a right, having the same conceptualcontent (components) as described above, is as a function, in themathematical sense of function. Thus, a right R may be thought of as:R=f(A, O, P, C), where A represents the authorized action, O representsthe authorized objects, P represents the bound parties, and C representsthe conditions imposed upon the right. Alternately, where there aremultiple different conditions, C could be replaced by C₁, C₂, and so on.The other variables could be similarly replaced, as warranted. (Again,as above, the use of the singular or plural in describing the variablescontained in the above formula (function) is for the sake of convenienceand not to be taken as limiting to the singular or plural.)

It will be understood that O (authorized objects) and P (bound parties)may be thought of as conditions, in a more general sense of “condition,”such that a right would be characterized as comprising (i) theauthorized action; and (ii) the conditions imposed upon the right, orR=f(A, C₁, C₂, C₃), where C₁ represents the authorized objects, C₂represents the bound parties, and C₃ represents the other conditions.However, in view of the fundamental nature of the authorized objects andthe bound parties, it is deemed more intuitive to represent them aselements distinct from conditions in the narrower sense, which aregenerally of a less fundamental nature.

In order to better grasp the conceptual model of a right set forthabove, let us apply this model to an example of an actual right.Consider, for example, the right (of a doctor) to refer patients. Inthis case, the authorized action is the referring of one or morepatients. The authorized objects are the particular patients referral ofwhom is authorized by the right (discussed further below). The partybound is the doctor granting the right, assuming that, under the lawand/or the rules of medical ethics, the doctor is ultimately responsiblefor the patient with respect to whom the doctor has granted the right ofreferral to another. Where multiple doctors granted their right ofreferral to one or more others, there would be multiple bound parties.The conditions could be any of a wide-ranging set of conditions. Forexample, in the case of this particular right, a condition could be thatthe referral must be a referral for the patient for diagnosis andtreatment by a specialist doctor, not a referral for the patient toreceive medical services (e.g., imaging). (Of course, this conditioncould have simply been incorporated in the definition of the authorizedaction instead of being formulated as a condition.) Another example of acondition, in this instance a condition not limited in applicability tothis particular right, would be a condition that the right itself is notre-grantable (transferable), that is, that the party to whom the rightis granted is not permitted to grant the right to another party. Anotherexample of a general condition would be a condition that the right istime-limited, i.e., expires after a certain specified amount of time,or, relatedly, that the authorized action may be performed only alimited, specified number of times (in the manner that a patient may begranted a right to refill a medical prescription a limited, specifiednumber of times).

While the above example is from the medical field, the instantdisclosure is of course not so limited but is applicable to any field orcontext, to any kinds of rights to perform one or more actions. Otherexamples of rights are the rights to: process a referral of a medicalpatient, write a prescription, write a check, create a password, and soon. Thus, example fields or contexts include: medical (e.g., a generalpractice doctor may share the right to refer patients and the right toprocess those referrals with an administrator working with the doctor);corporate (e.g., a chief financial officer may share the right to writechecks in the name of the business with another officer of the company);information technology (e.g., a third party computer administrator mayshare the right to create a password for a particular company's domainwith an information technology administrator of that company); legal(e.g., a client may share its right to take legal action with anattorney); construction (a general contractor may share its right toapply for a license with a sub-contractor); and so on.

In some cases, a user wanting to grant a right may be permitted orrequired to specify the right, e.g., with respect to the authorizedobjects and/or conditions of the right. Consider, again, the right (of adoctor) to refer patients. As stated, in terms of the conceptual modelof a right discussed above, the authorized objects of this right are thepatients. If a doctor wishes to grant a right to refer patients, thedoctor should specify for which of his/her patients the right to referis to be granted. For example, the doctor may specify that s/he isgranting the right to refer only a particular patient X; a particulargroup of patients, such as the doctor's patients associated with aparticular one of the doctor's several clinics, office locations, oraffiliated hospitals; or all of the doctor's patients. In the case of aright such as this, (1) the system may be designed so as to require theuser granting the right to specify the right, i.e., in this case, tospecify the particular patients. Alternatively, (2) the system may bedesigned so as to merely permit the user granting the right to specifythe right, with the proviso that, if the user fails to specify theright, the system will implement a default specification of the right.As a further alternative, (3) the system may be designed so as to noteven permit the user granting the right to specify the right; instead,the system could impose a default specification of the right at theoutset. Different ones of these three modes of operation, and differenttypes of default specifications, may be appropriate and may be employedin different contexts and in the case of different kinds of rights. Itwill be noted that such specifications of rights may at the most expandthe scope of the right to its maximum; thus, they do not exceed orviolate the scope of the right. Inasmuch as the system will have beendesigned to prevent the rights assigned, within the system, to any user,from exceeding or conflicting with the rights belonging to therespective user in the real world, such specifications of rights afortiori will not exceed or conflict with the rights belonging to therespective user in the real world.

In the case of conditions, as against authorized objects, of a right,the system may implement a default whereby the right being granted isdeemed unconditioned, unless the user specifies conditions. The systemmay provide the granting user with a menu of types of conditions,whereby the granting user can select a condition (e.g., a time limit)and, if applicable, specify the content or value of the condition (e.g.,a particular amount of time), that is to be imposed on the right beinggranted. For different kinds of rights, different such menus (differentsets of conditions) may be provided, as appropriate or applicable.

Of course, it is possible to implement the rights sharing systems,methods, apparatuses, and articles of manufacture disclosed herein usingrights defined as comprising components in addition to or other thanthose described above (viz., actions, objects, parties bound,conditions), or even using rights defined in an altogether differentway.

As mentioned above, despite the use of the term “user” and “individual,”the instant disclosure is not so limited, but applies also to groups ofindividuals, legal persons, etc. Thus, for example, rights may be sharedamong any of such various kinds of parties. For example, a group ofindividuals could grant a right to an individual, or vice versa, a legalentity could grant a right to an individual or a group of individuals,or vice versa, etc.

The foregoing has been a general description of embodiments of thepresent invention. The following is a further description of embodimentsof the present invention, which description is made with reference tothe figures. In various embodiments, a rights sharing system may beaccessed using a web browser that provides a graphical user interface(GUI) between a user and the system. By manipulating the GUI a user mayprovide inputs to the system. The system processes the inputs anddisplays outputs to multiple users via their own personalized GUIs. Asdescribed herein, by this interaction between users and the rightssharing system, users may share rights, unshare rights, accept requeststo share rights, decline requests to share rights, associate anddissociate rights with themselves, and the like, according to variousembodiments. (As for dissociation of rights, a user may be permitted todissociate from him/herself a right that, in the manner described above,is associated with him/her.) The system may also provide otherfunctionality not directly pertaining to rights sharing and such relatedfunctions as authorizing the exercise of rights. This otherfunctionality may include, e.g., providing users with the ability tocommunicate with other users, to update their profiles, etc. As usersshare rights and perform other operations with other parties via thesystem, a social network of functional relationships is formed. Thehardware, software and/or firmware of such a system are described belowwith reference to FIGS. 4A-4E.

FIGS. 1A-1E illustrate screenshots 100A-100E of selected operations of asimple, exemplary rights sharing system according to one or moreembodiments disclosed herein. FIGS. 1A-1E illustrate an implementationof a rights sharing system in the medical context, and in particularfocus on the rights of making and processing a referral.

FIG. 1A shows a screenshot 100A, of a greeting, introductory, or homepage of the system, displayed on a GUI. The user's name is shown asJames Lee. In this example, the user is a medical doctor (MD). In atleast one embodiment, users may be automatically associated with certainpre-defined rights, in accordance with the professional category or role(e.g., MD, nurse, physician assistant (PA)) of the user. For example,all MD users may be automatically associated with a given set ofspecified rights, which may be referred to as MD rights. Likewise, allnurse users may be automatically associated with a different set ofspecified rights, which may be referred to as nurse rights; all PA usersmay be automatically associated with a different set of specifiedrights, which may be referred to as PA rights; and so on. However, thesesets of pre-defined rights may be varied for different implementations,e.g., for different medical networks, hospitals, etc. That is to say,for example, the set of MD rights in the rights sharing system inoperation at hospital X may be adjusted to include rights A, B, C, D andE, while the set of MD rights in the rights sharing system in operationat hospital Y may be adjusted to include rights A, B, E, F and G. As ageneral example, an exemplary set of MD rights may include the rightsof: making referrals, processing referrals, writing prescriptions,admitting new patients, purchasing medical equipment, and the like.

In the exemplary system illustrated in FIGS. 1A-1E, for use in themedical context, one of the rights that may be shared is the right tomake a referral. According to the screenshot of FIG. 1A, a user (here,Dr. Lee) who possesses this right (e.g., by the right's beingautomatically associated with him by the system, or by having beengranted the right by another) can perform (or commence performance of)the action authorized by the right, viz., making a referral, by clickingthe button 104 labeled “Create Referral.” In this way, for example, theMD user Dr. Lee may refer a patient to a specialist MD.

Further, Dr. Lee may make a request to share the right of making areferral with another party by clicking on the “Invite Colleague” link105 located just below the “Create Referral” button 104. Clicking onthis link may take the user Dr. Lee to a subsequent screen, forcompletion of the operation of making a request to share the right. Suchsubsequent screen is illustrated in FIG. 1C, discussed below.

Screenshot 100A also shows a news feed 108, which lists (recent) eventsthat have occurred in the system that involve or bear on the user Dr.Lee. Specifically, in this example, news feed 108 indicates (in theolder news item, shown at the bottom in the news feed 108) that SusanSmith, Dr. Lee's PA, has accepted the right to process referrals onbehalf of Dr. Lee. This indicates that, although not shown in FIGS.1A-1E, Dr. Lee previously requested to grant the right to processreferrals to Susan Smith, and Susan Smith accepted this request. Thesystem has allowed this transaction (whereby Dr. Lee granted a right toSusan Smith) to occur without requiring in person or face-to-facecontact between these two individuals; rather, each user was able toaccess the system to perform the necessary actions (e.g., making arequest to grant a right, replying to the request), for example, usinghis or her own GUI on his her or her own client device. News feed 108also indicates (in the more recent news item, shown at the top in thenews feed 108) that Susan Smith has started to process the referral forDr. Lee's patient Fred Williams, in other words, has started to performan action the right to perform which was granted to her by Dr. Lee.

Because the action of creating a referral and the action of processing areferral are so closely related, the system may be designed such thatclicking “Create Referral” button 104 may take the user to a subsequentscreen in which either of these two actions may be performed, and the“Invite Colleague” link 105 may take the user to a subsequent screen inwhich the rights to either of these two actions may be shared. It wouldalso be possible for the system to include the right to make a referraland the right to process a referral in a single combined right, whichcould be shared.

If a user wishes to share a right (e.g., the right to make a referral)with another party, or to perform an action involving another party(e.g., make a referral to a specialist MD), and the other party is notregistered with the system, the system may invite the other party toregister with the system. However, the other party need not beregistered with the system in order to use the system. That is, anunregistered user may reply to (accept or refuse) a request to share aright and may accordingly be granted or not granted the right, asapplicable, and an unregistered user may accept or refuse a referral. Tobe sure, the system may provide registered users with advantages such asgreater flexibility or convenience in using the system. Accordingly, theword “user” as used in this disclosure is not to be taken as beinglimited to a registered user, but rather may encompass any user of thesystem, whether registered or not, as the system may be designed topermit both registered and unregistered users to perform all actionsdescribed herein and to in any other way participate fully in thesystem.

A party may be invited to register with the system by an existing userof the system, as noted, or by the system. In this regard, the systemmay generate referral codes, which appear on invitations to register. Byusing such a referral code, a party may register with the system, forexample, using only a name and an email address.

Screenshot 100A also shows a “View Report” link 107 located just belowthe “Create Referral” button 104. Using this link, a user may accessreports, which may provide information of events or data, bearing on theuser, that is more comprehensive or otherwise different from theinformation shown in news feed 108. For example, a report may show therights associated with (and hence grantable by) the user (or the rightsassociated with all users of the user's category, if the system providesthe same rights to all users of the user's category), the rights grantedto (and hence exercisable by) the user, the rights refused by the user,the rights revoked from the user, the rights revoked by the user, theactions performed by the user, the actions performed by parties to whomthe user granted rights to perform those actions, the queries made bythird parties as to the user's authorization to perform actions(discussed below with reference to steps 235-245 of FIG. 2A), thecomponents/specifications of any of the indicated rights, and so on.Alternatively, a report accessed from this webpage (which webpagepertains to making and processing referrals) may show only suchinformation pertaining to the rights/actions of making and processing areferral. A report may also show the user's credentials or the criteriasatisfied by the user (as explained above), but these data may also beaccessed via the user's profile, shown in FIG. 1B, discussed below.

Although not shown in FIG. 1A, the webpage shown therein may alsoinclude another button labeled “Select Action/Right” or the like. Bypressing this button, the user may be taken to a subsequent screen wherethe user may select an action he wishes to perform or a right he wishesto share, other than the right to make a referral or the right toprocess a referral. The subsequent screen may show a list of all actionsthe user is authorized to perform and all rights the user possesses andhence may grant. The user may select (e.g., click on) an action, aright, or an action/right pair from the list, which may take the user toa subsequent screen analogous to that shown in FIG. 1A, but pertainingto an action and/or right different than those referenced in FIG. 1A.For example, a user may select the action/right pair of writing aprescription (that is, the action of writing a prescription and theright of writing a prescription), and this may take the user to a screenanalogous to that of FIG. 1A but in which button 104 is labeled “WritePrescription” and the news feed 108 shows events pertaining to thisaction/right. From this screen the user could perform (or commenceperforming) the action of writing a prescription by clicking the “WritePrescription” button, or the operation of making a request to share theright of writing a prescription by clicking the “Invite Colleague” link,analogously to the description above of performing the action of makinga referral and performing the operation of making a request to share theright of making a referral. This screen could also have a “View Report”link that could operate analogously to that of FIG. 1A.

As an alternative to the arrangement described above, the home page ofFIG. 1A could present the above-described list of all actions andrights, rather than being limited to a single action/right of “CreateReferral” (as indicated above, the term “Create Referral” may refer toboth making and processing a referral). In this case, the user couldselect and perform actions, and select and make requests to grantrights, from this home page, in a manner as described above orotherwise.

FIG. 1B shows a screenshot 100B, of a profile page of the system,displayed on a GUI, for the same user, Dr. Lee. Screenshot 100B shows alist of “Authorized Connections” 110, circled, which lists the partiesto whom Dr. Lee has granted rights. In this example, Dr. Lee has grantedrights to Kathy Phillips and Susan Smith. Next to each authorizedconnection (each user to whom Dr. Lee has granted rights) a buttonlabeled “X” 112, circled, is shown. By clicking the “X” button 112adjacent the name of a given authorized connection, a user revokes theright shared with the authorized connection, as indicated by the hovertext 114 (“Revoke right”) that appears adjacent the “X” button 112 whenthe user hovers over the “X” button 112 with a pointing device. Uponrevocation of a right, the system may send a notification to the userwhose right has been revoked, notifying the user of the revocation ofthe right.

Note that in the example shown in FIG. 1B, it is assumed that the soleright the system deals with is the combined right to create and processreferrals. Accordingly, this is the right that is revoked by clicking onthe “X” button 112. However, where the system deals with additionalrights, the profile page may be designed differently. For example, theuser may be permitted to click on (select) any of the authorizedconnections, which would take the user to a subsequent page showing theselected authorized connection with a list of all rights granted to theselected authorized connection by the user. An “X” button could beprovided adjacent to each of these rights granted to the authorizedconnection by the user, whereby the user could revoke any right s/hepreviously granted to the authorized connection. The “X” button 112 onthe profile page could be eliminated, or could be used for revoking allthe rights granted to the authorized connection by the user. As anotherexample, the profile page may show, instead of a list of authorizedconnections, a list of all rights associated with (hence grantable by)the user, or of all rights granted by the user. In this arrangement, theuser could click on (select) any one of these rights, which would takethe user to a subsequent page showing the selected right with a list ofall authorized connections who have been granted that right by the user.An “X” button could be provided adjacent to each of these authorizedconnections, whereby the user could revoke the selected right from theadjacent authorized connection. The “X” button 112 on the profile pagecould be eliminated, or could be used for revoking the selected rightfrom all the authorized connections of the user who have been grantedthat right.

Screenshot 100B also shows an “Add new connection” link 111, circled. Byclicking on this link, a user may be taken to a subsequent webpage wheres/he may select or insert another party and make a request to grant aright to the other party. Such subsequent webpage is shown in FIG. 1C,discussed below.

Screenshot 100B also shows a field labeled “Add another location” 115,circled. This field permits a user to add an additional work location.In the medical context, such a work location may be, e.g., a doctor'soffice, clinic, hospital, etc. These “work locations” may be used withso-called “rules” that a user may create or select and use, e.g., toshare rights on a group basis or category basis. For example, Dr. Leemay create or select a rule that all PAs affiliated with any of his worklocations be granted by him the right to make and process referrals.Accordingly, by adding a work location to his profile, all the PAsaffiliated with that location would automatically be granted this rightby the system. As another example, Dr. Lee may create or select a rulethat all parties affiliated with a given work location be granted by himthe right to make and process referrals. Accordingly, when this worklocation is listed in his profile, all parties affiliated with it wouldautomatically be granted this right by the system, without Dr. Leehaving to grant this right individually to each party affiliated withthis work location. As another example, Dr. Lee may create or select arule that for any work location, the third party computer administratorof the domain of that work location be granted by him the right tocreate a password for that domain. Accordingly, when any work locationis added to Dr. Lee's profile, the third party computer administratorassociated with that work location would automatically be granted thisright by the system. It is apparent that such rules may provideconvenience for the user, by automating the process of granting rights,in cases where groups or categories of parties are to be granted thesame right(s) by a user. The system may be designed so as to makeavailable to users pre-defined rules and/or to allow users to createtheir own rules. The system may require that user-created rules followcertain pre-defined formats or logical structures.

As mentioned, clicking on the “Invite Colleague” link 105 (FIG. 1A) orthe “Add new connection” link 111 (FIG. 1B) takes the user to the screenillustrated by screenshot 100C in FIG. 1C, to complete the operation ofmaking a request to grant a right. At the screen shown in FIG. 1C, theuser Dr. Lee may search for the user(s) to whom s/he wishes to grant aright, by using the search feature 116, circled. For example, Dr. Leemay enter the name or a portion of the name in the field shown in thesearch feature 116 and click on the search button (magnifying glassicon) shown at the right end of the field, which causes the system tosearch for users with this name/name portion and return a list of hits(names found that match the search query inputted). In the illustratedexample, the system has returned a single hit, namely, PA John Smith,with his work affiliation and email address (of course, otherinformation associated with the user may be shown). Dr. Lee may selectany of the returned hits by checking the checkbox 118, circled. Dr. Leemay make a request to grant a right to the selected user(s) by clickingthe button labeled “Grant it” 124, circled. In the event, Dr. Leechanges his mind and decides not to make the request to grant a right,he may exit by clicking the link 122, which will return him to theprevious page.

As shown at the top of the screen in FIG. 1C, the right being granted isthe right to “create and process referrals.” This follows from the aboveexplanation of FIGS. 1A and 1B. That is, FIG. 1A pertains solely to theright of making and processing referrals, and FIG. 1B assumes that thisis the sole right the system deals with. As explained above, however,additional configurations not illustrated in FIGS. 1A-1E are possible,e.g., in which the screen shown in FIG. 1A pertains to a differentright; in which the screen of FIG. 1A shows all rights/actions; inwhich, in contrast to the assumption of FIG. 1B, the system deals withadditional rights; etc. It will be understood that the screen shown inFIG. 1C may be employed with such additional configurations, and may beadapted to work with such additional configurations, as appropriate perthe particular configuration (e.g., where the screen shown in FIG. 1Apertains to a different right, the screen shown in FIG. 1C would pertainto that different right; where the screen of FIG. 1A shows allrights/actions, the screen of FIG. 1C would be revised accordingly;etc.). Such adaptations may be along the lines of such configurations asexplained above, or otherwise. For example, FIG. 1C could be modified topresent a list of rights, actions, or right/action pairs to be selectedfor granting to particular parties, or a list of authorized connectionsto be selected for granting particular rights to. See the discussion ofthe (non-illustrated) “Select Action/Right” button at the end of thediscussion of FIG. 1A.

With further reference to FIG. 1C, the system may be designed so thatthe search feature 116 searches only users who are registered with orotherwise known to the system. If Dr. Lee wishes to grant a right to aparty not registered with or known to the system, he may use link 120,circled, to make a request to grant a right to such party. For example,the system may require Dr. Lee to enter the name and email address ofsuch party and then click the “Grant it” button 124 in order to make arequest to grant a right to such party.

As mentioned, a user may share a right with more than one party, andmore than one users may share a right with a given party. Accordingly,multiple users may also share rights with multiple parties, and they mayuse rules to select the recipient parties, as described above. Thesystem may also permit such rules to be created/selected and used toidentify and select groups of granting parties. The system may alsopermit such rules to be used to form groups of recipient or grantingparties on bases other than by work location. For example, users may bepermitted to simply freely create their own groups of recipient partiesand granting parties.

As described elsewhere herein, sharing a right may involve a number ofrequests, replies, notifications, accepting of inputs, and the like.While these operations are not necessarily all explicitly illustrated inor described with reference to screenshots 100A-100E, they are alsoillustrated in and described with reference to FIGS. 2A and 2B anddescribed above in the general description given prior to thedescription of the figures.

FIG. 1D shows screenshot 100D, which shows a portion of the same screenshown in screenshot 100C of FIG. 1C. Screenshot 100D is a shot taken ata time after Dr. Lee has selected the party 128 (John Smith) to whom hewishes to grant a right and has clicked the “Grant it” button 124 so asto make the request to grant the right to that party. Accordingly,screenshot 100D shows a confirmation message 126 confirming to Dr. Leethat the request to grant the right has been sent to John Smith.

FIG. 1E shows a screenshot 100E, of a home page of John Smith (analogousto the home page of Dr. Lee shown in screenshot 100A in FIG. 1A), whichJohn Smith sees on his GUI when he logs in to the system. Each user maylog in to the system from his/her own client device. Multiple users mayalso log in to the system from a single client device. Because JohnSmith has been sent a request to grant a right, when he logs in to hishome page he sees a notification 130, circled, of the request. Thenotification 130 indicates the granting user (James Lee) and the rightto be granted (the right to process referrals). The notification 130 mayalso indicate specification/components (e.g., objects) of the right,e.g., that the right to process referrals covers patients affiliatedwith Metropolitan Family Practice (“Metropolitan Family Practice” beingthe name of a work location, hence the right covers patients affiliatedwith this particular work location). Screenshot 100E also shows anAccept button 134 and a Refuse button 132. John Smith can accept orrefuse Dr. Lee's request to grant him the indicated right by clicking onthe applicable one of these buttons. When John Smith clicks on one ofthese buttons, the system will grant the right to him or not, inaccordance with which button he clicked, and the system may send anotification to Dr. Lee indicating that John Smith accepted or refusedthe request, as the case may be, and/or, equivalently, that the righthas been granted, or has not been granted, to John Smith, accordingly.This notification sent to Dr. Lee may then appear in Dr. Lee's news feed108 (FIG. 1A).

While the screenshots 100A-100E shown in FIGS. 1A-1E and theaccompanying description thereof indicate specific exemplary ways inwhich a rights sharing system and method may be implemented, it will beunderstood that innumerable variations in this regard are possible. Suchvariations may be, for example, in the layout, format or informationcontent of webpages, screen elements or displayed content, in the mannerin which specific operations are performed, or how specificfunctionalities are implemented, etc. Functionalities shown as containedwithin a single webpage may be implemented using multiple webpages, andfunctionalities using multiple webpages may be implemented using asingle webpage. The design, construction and use of myriad arrangementsof such implementation details will be readily understood by one ofordinary skill in the art, and the instant invention is not to be takenas being limited in this regard.

It is also noted that while screenshots are not shown for certain otherprocesses described herein, e.g., authentication, authorization, and thelike, one of ordinary skill in the art will readily understand how toimplement all such processes not illustrated in FIGS. 1A-1E.

It will also be understood that the description herein with reference toFIGS. 1A-1E includes different ways (some illustrated, some notillustrated) in which a rights sharing system may be designed in orderto (permit users to) accomplish the same or similar actions andfunctions, e.g., with respect to manipulating rights (e.g., selectingrights, granting rights, revoking rights, etc.). Accordingly, it will beunderstood that a rights sharing system may be designed so as to operatein only some of these redundant ways. To be sure, a system may also bedesigned to have redundancy. Accordingly, it is not necessary that theentire content of all of screenshots 100A-100E, with their attendantmodes of operation, whether illustrated herein or merely describedherein as possible variants of the examples actually illustrated inFIGS. 1A-1E, be incorporated in a given implementation of a rightssharing system. Rather, different implementations of such systems mayincorporate selected aspects of these screenshots/this description. Itis also understood, as noted above, that the content of FIGS. 1A-1Ecovers only selected portions (e.g., selected operations) of the entireinstant disclosure and is not intended to be comprehensive in thisregard.

While FIGS. 1A-1E illustrate an example of sharing a specific right in aspecific context, embodiments described herein are applicable, and inparticular the screens shown in FIGS. 1A-1E are adaptable, to othercontexts, and the system may deal with other rights. Examples of suchother rights in other contexts include: a supervisor may share the rightto write checks in the name of the company up to a certain dollar amountwith one of his/her employees; a committee may share the right toapprove products for manufacture or to set prices for products withanother committee; etc. The sharing of rights can be one user to anotheruser, one-to-many, many-to-one, or many-to-many in various embodiments.It is also possible to implement a rights sharing system omittingfunctionalities described herein if desired, e.g., the ability to revokea right could be omitted.

The operations described with reference to FIGS. 1A-1E may be understoodas examples of steps or portions of the methods 200 and 201 shown inFIGS. 2A and 2B, discussed below.

FIG. 2A illustrates a method 200 of sharing rights. The method may beperformed, e.g., by a server in communication with one or more clientdevices (discussed in greater detail with reference to FIG. 4D, below).The server may include one or more processors and a memory havinginstructions for executing the method. For convenience, the method maybe described herein with reference to such server, client, etc., but itwill be understood that the method need not be performed by theseelements.

At step 205, the server associates one or more rights of a first userwith the first user. Of course, this association may be contingent upona determination or confirmation that the first user satisfies therespective criteria required for possessing the rights in question.

At step 210, upon the first user's request to grant a right (belongingto the first user) to a second user, the server authenticates the firstuser and/or the second user. The authentication may include, e.g.,verifying the identity of the respective user and/or verifying thecredentials of the respective user. With regard to step 210, the servermay have received the request (to grant the right) from a client devicethat transmitted the request to the server at the instruction of thefirst user. Of course, acceptance or processing of the request by theserver may be contingent upon a determination or confirmation that thesecond user satisfies the criteria required for possessing the right. Ifthe second user is found not to satisfy the criteria, the server maynotify the first user that it rejects the request. (In this case, thefirst user may notify the second user of the rejection, and the seconduser may be permitted to update his credentials in an attempt to satisfythe criteria.)

At step 215, at the request of the first user, the server grants theright of the first user to the second user, contingent upon the consentof the second user. The contingency here is this: if the second userconsents to (i.e., accepts) the request to grant the right, the right isgranted, and if the second user does not consent to (i.e., declines,refuses) the request to grant the right, the right is not granted.

Turning to FIG. 2B, method 201 includes a series of substeps 215A-215H.Step 215 of method 200 may be performed as this series of substeps215A-215H of method 201.

At step 215A, the server receives from the first user a request togrant, to a second user, a right belonging to the first user. The servermay receive this request, via a communication network, from a clientdevice that transmitted the request at the instruction of the firstuser. At step 215B, the server transmits to the second user the requestto grant the right. The server may transmit this request, via acommunication network, to a client device associated with the seconduser. At step 215C, the server receives from the second user a reply tothe request to grant the right, the reply indicating acceptance orrefusal, by the second user, of the request to grant the right. Theserver may receive this reply, via a communication network, from aclient device that transmitted the reply at the instruction of thesecond user. At step 215D, represented as a decision box, the serverdetermines whether the reply constitutes an acceptance or a refusal. Ifthe server determines that the reply is an acceptance, then the flowproceeds to step 215E, at which step the server grants the right to thesecond user. If the server determines that the reply is a refusal, thenthe flow proceeds to step 215F, at which step the server does not grantthe right to the second user. Following step 215E, at step 215G, theserver transmits to the first user notification of the reply, indicatingthat the second user accepted the request to grant the right, and/or,equivalently, notification that the right has been granted. Followingstep 215F, at step 215H, the server transmits to the first usernotification of the reply, indicating that the second user refused therequest to grant the right, and/or, equivalently, notification that theright has not been granted. With regard to steps 215G and 215H, theserver may transmit these notifications, via a communication network, toa client device associated with the first user. Of course, followingstep 215E/215F, the server may also confirm to the second user that theright has/has not been granted.

Returning to FIG. 2A, at step 220, upon performance of step 215, theserver records the result of step 215 as a first recorded resultincluding information indicating the right, the first user, the seconduser, and the consent (acceptance) or non-consent (refusal) of thesecond user. It will be understood that the recording of informationindicating the consent or non-consent of the second user is equivalentto, and hence tantamount to, the recording of information indicating thegrant or non-grant of the right.

At step 225, at the request of the first user or the second user, theserver revokes a right granted by the first user to the second user. Ofcourse, it will be understood that step 225 need not occur at all and inthe case of many granted rights will likely not occur.

At step 230, upon performance of step 225, the server records the resultof step 225 as a second recorded result including information indicatingthe right revoked, the first user, and the second user. The secondrecorded result may also include information indicating the revokinguser.

At step 235, represented as a decision box, the server determines, basedon the first and second recorded results, whether a given user has beengranted a given right. If the server determines that the given user hasbeen granted the given right, then the flow proceeds to step 240, atwhich step the server authorizes the given user to exercise the givenright. If the server determines that the given user has not been grantedthe given right, then the flow proceeds to step 245, at which step theserver denies authorization to the given user to exercise the givenright. Steps 235-245 may be performed in at least two distinctsituations. One such situation is when a user seeks authorization fromthe system to exercise a right. The system may be designed to thuscontrol users' exercise of rights so as to permit users to exercise onlythose rights which they have been granted. Another such situation iswhen a third party (e.g., a hospital or other medical institution)submits a query to the system, seeking to ascertain whether a user(e.g., a doctor or other medical worker) who wishes to exercise a rightis in fact authorized to exercise the right, that is, whether the userhas in fact been granted the right. Upon ascertaining whether the useris so authorized, the system may transmit to the third party a reply toits query.

The rights sharing systems, methods and articles of manufacturedescribed herein may be implemented on one or more particular machineswith sufficient processing power, memory resources, and networkthroughput capability to handle the necessary workload placed upon them.FIGS. 3 and 4A-4E illustrate particular machines suitable forimplementing a rights sharing system or part of such a system, accordingto one or more embodiments disclosed herein. In that regard, FIG. 3illustrates a particular machine 380, according to at least oneembodiment. The particular machine 380 includes at least one processor382 (which may be referred to as a central processing unit or CPU) thatis in communication with a non-transitory machine-readable medium 387,which may be a non-transitory computer-readable medium and/or storagedevice. The machine-readable medium 387 may comprise memory devicesincluding secondary storage 384, read only memory (ROM) 386, and randomaccess memory (RAM) 388. The processor 382 is further in communicationwith input/output (I/O) devices 390 and network connectivity devices392. The processor 382 may be implemented as one or more CPU chips.

The secondary storage 384 may be comprised of one or more disk drivesand is used for non-volatile storage of data and may be used as anover-flow data storage device if RAM 388 is not large enough to hold allworking data. Secondary storage 384 may be used to store instructions orprograms 389 that are loaded into RAM 388 when such instructions orprograms 389 are selected for execution and that cause the processor 382to perform any of the steps described in this disclosure. ROM 386 mayalso be used to store instructions or programs 389 and may be used tostore data for reading during program execution. ROM 386 is anon-volatile memory device which typically has a small memory capacityrelative to the larger memory capacity of secondary storage 384. RAM 388is used to store volatile data and may also be used to store programs orinstructions 389. Access to both ROM 386 and RAM 388 is typically fasterthan to secondary storage 384.

I/O devices 390 may include printers, monitors, touch screens,keyboards, keypads, switches, dials, mice, voice recognizers, cardreaders, tape readers, or other input devices. The network connectivitydevices 392 may include modems, modem banks, ethernet cards, universalserial bus (USB) cards, serial interfaces, token ring cards, fiberdistributed data interface (FDDI) cards, wireless local area network(WLAN) cards, radio transceiver cards such as code division multipleaccess (CDMA) and/or global system for mobile communications (GSM) radiotransceiver cards, and other network devices. These network connectivitydevices 392 may enable the processor 382 to communicate with theInternet or one or more intranets. With such a network connection, theprocessor 382 may receive information from the network, or may outputinformation to the network, in the course of performing theabove-described method steps.

The processor 382 executes codes, computer programs, and/or scriptswhich it accesses from hard disk, floppy disk, optical disc (thesevarious disk based systems may all be considered secondary storage 384),ROM 386, RAM 388, or the network connectivity devices 392.

According to at least one embodiment, FIG. 4A illustrates a system 400Acomprising a non-transitory machine-readable medium or computer-readablemedium 406, one or more processors 402, and a display 404.Non-transitory machine-readable medium or computer-readable medium 406stores software 408 that, when executed by the one or more processors402, causes the one or more processors 402 to perform or initiate any ofthe steps described in this disclosure. The system 400A also comprises agraphical user interface (“GUI”) 410 displayed on display 404.Preferably, the GUI 410 is the latest version of Internet Explorer(“IE”) or any other browser, and the GUI 410 is the point of accessbetween the user and the system 400A.

According to at least one embodiment, FIG. 4B illustrates a system 400B,in which a processor 403 is a computer processor, and acomputer-readable medium 407 is coupled to the processor 403 in acomputer. Display 404 is a computer monitor, and a user can manipulateGUI 410 displayed on display 404 via keyboard 412 and a pointing deviceor computer mouse (not shown) or other input device. In this embodiment,the processor 403 and computer-readable medium 407 are local. Turning toFIG. 4C, according to at least one embodiment, components of a system400C are distributed over a network 414. Specifically, the userinteracts with GUI 410 displayed on display 404 of a computer, andtransmits information over the network 414 for processing by servers416, 418. Preferably, the network 414 is the Internet. Server 418comprises a processor 402 that executes software 408 located on acomputer-readable medium 406 of server 416. Many configurations andcombinations of distributed computing are possible.

According to at least one embodiment, in another arrangement ofdistributed computing, FIG. 4D illustrates a system 400D, including aserver 416, client devices 401, 401, and a communication network 414.Server 416 may include one or more processors 402, and machine-readablemedium 406. Machine-readable medium 406 may be a computer-readablemedium. Machine-readable medium 406 may include memory devices (notshown in FIG. 4D) such as described above with respect tomachine-readable medium 387 illustrated in FIG. 3. Machine-readablemedium 406 may include software 408. While two client devices 401, 401are illustrated, system 400D may include more than two client devices401, 401. Each client device 401 may include a processor 403 and amachine-readable medium 407. Machine-readable medium 407 may be acomputer-readable medium. Machine-readable medium 407 may include memorydevices (not shown in FIG. 4D) such as described above with respect tomachine-readable medium 387 illustrated in FIG. 3. Machine-readablemedium 407 may include software 409. Each client device may includekeyboard 412 and GUI 410 displayed on display 404 and/or otherinput/output devices (not shown in FIG. 4D). Rights sharing systems,methods, apparatuses, and articles of manufacture described herein maybe implemented using system 400D.

FIG. 4E illustrates applications and databases for performing thefunctions and operations described herein, which applications anddatabases may reside in the memory devices (not shown in FIG. 4E) inmachine readable medium 406 of server 416 (shown in FIG. 4D). Suchapplications (which may be included in software 408) may include modulesfor performing these functions and operations, such as, e.g., a rightstransactions module 421 (for implementing and recording thesharing/granting and unsharing/revoking of rights), an authenticationmodule 423 (for authenticating users), and an authorization module 425(for authorizing/denying authorization to a user to exercise a right,and for receiving and responding to queries regarding the same). Suchdatabases, which may be called upon by such applications in performingthese functions and operations, may include, e.g., a user database 434containing user data, a rights database 436 containing rights data, anda records database 438 containing records of transactions and otherprocesses. User data may include, e.g., for each user, data pertainingto the user's identification, the user's credentials, the criteriapossessed by the user (i.e., criteria the satisfaction of which isrequired to possess particular rights), the rights associated with(hence grantable by) the user, the rights granted to (hence exercisableby) the user, etc. Rights data may include, e.g., for each right in thesystem, data pertaining to criteria required to possess the right,components/specification of the right, users associated with (hencepermitted to grant) the right, users granted (hence permitted toexercise) the right, etc. Records of transactions and other processesmay include data pertaining to grants of rights, revocations of rights,results of authentication processes, results of authorization processes,etc. Data other than that described above, as well as data organized inmanners other than that described above, may also be recorded and storedin appropriate databases. For example, collective data may be recorded(or generated from data of individual events) and stored, further todata organized on a per user, per right, or per transaction basis. Ofcourse, the individuation or demarcation of databases and modules may bevaried from that described.

Returning to FIG. 4D, with system 400D, server 416 may serve thosefunctions and operations described herein as being attributable to therights sharing system. Each client device 401 may serve those functionsand operations described herein as being attributable to one or moreusers (individuals, parties, etc.). In this arrangement, each user orclient device 401 (e.g., where each user is associated with a respectiveclient device 401) may be deemed a node of the system, and server 416may be deemed the center of the system. Transactions (sharing/grantingor unsharing/revoking of rights) are interactions between two or morenodes/users/client devices 401, but all transactions may go through thecenter/system/server 416, which may implement and record everytransaction. Certain other processes may occur between anode/user/client device 401 and the center/system/server 416, forexample, the process of authenticating a user, and the process ofauthorizing/denying authorization to a user to exercise a right. In thearrangement of FIG. 4D, users can use cloud computing to access and makeuse of the system 400D (to perform transactions and other processes), asfrom the user's point of view the center or system effectively residesin the cloud.

Embodiments of the present invention may be implemented in the form ofsoftware, hardware, firmware, application logic or a combination of anyof these. The software, firmware, application logic and/or hardware mayreside on integrated circuit chips, modules or memories. If desired,part of the software, hardware, firmware, and/or application logic mayreside on integrated circuit chips, part of the software, hardware,firmware, and/or application logic may reside on modules, and part ofthe software, hardware, firmware, and/or application logic may reside onmemories. In at least one embodiment, the application logic, software oran instruction set is maintained on any one of various conventionalnon-transitory computer-readable media.

Processes and logic flows which are described in this specification canbe performed by one or more programmable processors executing one ormore computer programs to perform functions by operating on input dataand generating output. Processes and logic flows can also be performedby special purpose logic circuitry, e.g., an FPGA (field programmablegate array) or an ASIC (application-specific integrated circuit).Apparatus or devices can also include, in addition to hardware, codethat creates an execution environment for computer program, e.g., codethat constitutes processor firmware, a protocol stack, a databasemanagement system, an operating system, a cross-platform runtimeenvironment, e.g., a virtual machine, or a combination of one or more ofthem.

A computer-readable medium as described in this specification may be anymedia or means that can contain, store, communicate, propagate ortransport the instructions for use by or in connection with aninstruction execution system, apparatus, or device. A computer-readablemedium may comprise a computer-readable storage medium that may be anymedia or means that can contain or store the instructions for use by orin connection with an instruction execution system, apparatus, ordevice, such as a computer. Computer-readable media may include allforms of nonvolatile memory, media and memory devices, including by wayof example semiconductor memory devices, e.g., EPROM, EEPROM, and flashmemory devices; magnetic disks, e.g., internal hard disks or removabledisks; magneto-optical disks; and CD-ROM and DVD-ROM disks.

Embodiments and/or features as described in this specification can beimplemented in a computing system that includes a back-end component,e.g., as a data server, or that includes a middleware component, e.g.,an application server, or that includes a front-end component, e.g., aclient computer having a graphical user interface or a Web browserthrough which a user can interact with the rights sharing system asdescribed in this specification, or any combination of one or more suchback-end, middleware, or front-end components. The components of thesystem can be interconnected by any form or medium of digital datacommunication, e.g., a communication network. Examples of communicationnetworks include a local area network (“LAN”) and a wide area network(“WAN”), e.g., the Internet.

As noted, the computing system can include clients and servers. A clientand server are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other.

While the instant description may in places refer to a rights sharing“system” (or simply the “system”), it will be understood that suchdescription applies also, mutatis mutandis, to a corresponding rightssharing method, and vice versa.

Many modifications and other embodiments of the invention will come tomind to one skilled in the art to which this invention pertains havingthe benefit of the teachings presented in the foregoing descriptions andthe associated drawings. Therefore, it is to be understood that theinvention is not to be limited to the specific embodiments disclosed andthat modifications and other embodiments are intended to be includedwithin the scope of the appended claims. Although specific terms areemployed herein, they are used in a generic and descriptive sense onlyand not for purposes of limitation. While this disclosure contains manyspecific implementation details, these specific implementation detailsare not meant to be construed as limitations on the scope of theinvention or of what may be claimed, but rather as descriptions offeatures specific to particular embodiments of the invention.

In light of the principles and example embodiments described andillustrated herein, it will be recognized that the example embodimentscan be modified in arrangement and detail without departing from suchprinciples. Also, the foregoing discussion has focused on particularembodiments, but other configurations are also contemplated. Inparticular, even though expressions such as “in one embodiment,” “inanother embodiment,” or the like are used herein, these phrases aremeant to generally reference embodiment possibilities, and are notintended to limit the invention to particular embodiment configurations.As used herein, these terms may reference the same or differentembodiments that are combinable into other embodiments. As a rule, anyembodiment referenced herein is freely combinable with any one or moreof the other embodiments referenced herein, and any number of featuresof a single embodiment or of different embodiments are combinable withone another, unless indicated otherwise.

Moreover, although features may be described as acting in certaincombinations and even initially claimed as such, one or more featuresfrom a combination as described or a claimed combination can in certaincases be excluded from the combination, and the claimed combination maybe directed to a subcombination or variation of a subcombination.Although various aspects of the invention are set out in the independentclaims, other aspects of the invention comprise other combinations offeatures from the embodiments and/or from the dependent claims with thefeatures of the independent claims, and not solely the combinationsexplicitly set out in the claims.

Similarly, although example processes have been described with regard toparticular operations performed in a particular sequence, numerousmodifications could be applied to those processes to derive numerousalternative embodiments of the present invention. For example,alternative embodiments may include processes that use fewer than all ofthe disclosed operations, processes that use additional operations, andprocesses in which the individual operations disclosed herein arecombined, subdivided, rearranged, or otherwise altered.

This disclosure may include descriptions of various benefits andadvantages that may be provided by various embodiments. One, some, all,or different benefits or advantages may be provided by differentembodiments. In view of the wide variety of useful permutations that maybe readily derived from the example embodiments described herein, thisdetailed description is intended to be illustrative only, and should notbe taken as limiting the scope of the invention. What is claimed as theinvention, therefore, are all implementations that come within the scopeof the following claims, and all equivalents to such implementations.

What is claimed is:
 1. A method performed by a server in communicationwith one or more client devices, the method comprising: receiving, atthe server, from one of the one or more client devices a request by afirst user to grant a right of the first user to a second user;transmitting, from the server, to one of the one or more client devicesthe request to grant the right of the first user to the second user;receiving, at the server, from one of the one or more client devices areply by the second user to the request to grant the right of the firstuser to the second user, the reply comprising an acceptance or a refusalof the request to grant the right of the first user to the second user,wherein: if the reply comprises the acceptance: by the server, grantingthe right of the first user to the second user; and if the replycomprises the refusal: by the server, not granting the right of thefirst user to the second user; and at the request of the first user orthe second user, revoking a right granted by the first user to thesecond user, wherein the right granted by the first user to the seconduser is revoked regardless of whether the request to revoke is made bythe first user or the second user, wherein the server comprises one ormore processors, and the one or more processors comprise hardware, andwherein the right is defined as a function R=f(A, O, P, C), where R isthe right, A is one or more actions authorized by the granting of theright O is one or more objects of the one or more actions authorized bythe granting of the right, P is one or more parties bound by thegranting of the right, and C is one or more conditions imposed upon thegranted right.
 2. A method according to claim 1, further comprising: ifthe reply comprises the acceptance: transmitting to the first usernotification of (a) the acceptance and/or (b) the granting of the right;and if the reply comprises the refusal: transmitting to the first usernotification of (a) the refusal and/or (b) the non-granting of theright.
 3. A method according to claim 1, further comprising: associatingthe right of the first user with the first user.
 4. A method accordingto claim 1, further comprising: authenticating at least one of the firstuser and the second user, wherein the step of authenticating at leastone of the first user and the second user comprises verifying at leastone of (i) the identity of the respective user and (ii) the credentialsof the respective user.
 5. A method according to claim 1, furthercomprising: determining whether a given user has been granted a givenright; if the given user has been granted the given right, authorizingthe given user to exercise the given right; and if the given user hasnot been granted the given right, denying authorization to the givenuser to exercise the given right.
 6. A method according to claim 5,further comprising: wherein, for any performed instance of the grantingof the right of the first user to the second user, a result of theperformance thereof is recorded as a first recorded result comprisinginformation indicating the right, the first user and the second user,wherein for any performed instance of the revoking of a right granted bythe first user to the second user, a result of the performance thereofis recorded as a second recorded result comprising informationindicating the right revoked, the first user, and the second user, andwherein the determination whether a given user has been granted a givenright is made based on the first and second recorded results.
 7. Amethod according to claim 1, further comprising: receiving a query froma third party as to whether a given user has been granted a given right;determining whether the given user has been granted the given right; andtransmitting to the third party a reply to the query, the replyindicating whether the given user has been granted the given right. 8.An article of manufacture comprising a non-transitory machine-readablemedium comprising instructions that, when executed, enable a servercomprising a processor-based system, in communication with one or moreclient devices, to: receive from one of the one or more client devices arequest by a first user to grant a right of the first user to a seconduser; transmit to one of the one or more client devices the request togrant the right of the first user to the second user; receive from oneof the one or more client devices a reply by the second user to therequest to grant the right of the first user to the second user, thereply comprising an acceptance or a refusal of the request to grant theright of the first user to the second user, wherein: if the replycomprises the acceptance: grant the right of the first user to thesecond user; and if the reply comprises the refusal: decline grantingthe right of the first user to the second user; and at the request ofthe first user or the second user, revoke a right granted by the firstuser to the second user, wherein the right granted by the first user tothe second user is revoked regardless of whether the request to revokeis made by the first user or the second user, wherein theprocessor-based system comprises one or more processors, and the one ormore processors comprise hardware, and wherein the right is defined as afunction R=f(A, O, P, C), where R is the right, A is one or more actionsauthorized by the granting of the right, O is one or more objects of theone or more actions authorized by the granting of the right, P is one ormore parties bound by the granting of the right, and C is one or moreconditions imposed upon the granted right.
 9. An article of manufactureaccording to claim 8, wherein the instructions, when executed, furtherenable the server comprising the processor-based system, incommunication with the one or more client devices, to: if the replycomprises the acceptance: transmit to the first user notification of (a)the acceptance and/or (b) the granting of the right; and if the replycomprises the refusal: transmit to the first user notification of (a)the refusal and/or (b) the non-granting of the right.
 10. An article ofmanufacture according to claim 8, wherein the instructions, whenexecuted, further enable the server comprising the processor-basedsystem, in communication with the one or more client devices, to:associate the right of the first user with the first user.
 11. Anarticle of manufacture according to claim 8, wherein the instructions,when executed, further enable the server comprising the processor-basedsystem, in communication with the one or more client devices, to:authenticate at least one of the first user and the second user, whereinthe step of authenticating at least one of the first user and the seconduser comprises verifying at least one of (i) the identity of therespective user and (ii) the credentials of the respective user.
 12. Anarticle of manufacture according to claim 8, wherein the instructions,when executed, further enable the server comprising the processor-basedsystem, in communication with the one or more client devices, to:determine whether a given user has been granted a given right; if thegiven user has been granted the given right, authorize the given user toexercise the given right; and if the given user has not been granted thegiven right, deny authorization to the given user to exercise the givenright.
 13. An article of manufacture according to claim 12, wherein theinstructions, when executed, further enable the server comprising theprocessor-based system, in communication with the one or more clientdevices, to: wherein, for any performed instance of the granting of theright of the first user to the second user, a result of the performancethereof is recorded as a first recorded result comprising informationindicating the right, the first user and the second user, wherein forany performed instance of the revoking of a right granted by the firstuser to the second user, a result of the performance thereof is recordedas a second recorded result comprising information indicating the rightrevoked, the first user, and the second user, and wherein thedetermination whether a given user has been granted a given right ismade based on the first and second recorded results.
 14. An article ofmanufacture according to claim 8, wherein the instructions, whenexecuted, further enable the server comprising the processor-basedsystem, in communication with the one or more client devices, to:receive a query from a third party as to whether a given user has beengranted a given right; determine whether the given user has been grantedthe given right; and transmit to the third party a reply to the query,the reply indicating whether the given user has been granted the givenright.
 15. A system comprising: a server, the server comprising: one ormore processors, the one or more processors comprising hardware; andmemory coupled to the one or more processors, the memory comprisingexecutable instructions that, when executed, enable the one or moreprocessors, in communication with one or more client devices, to:receive from one of the one or more client devices a request by a firstuser to grant a right of the first user to a second user; transmit toone of the one or more client devices the request to grant the right ofthe first user to the second user; receive from one of the one or moreclient devices a reply by the second user to the request to grant theright of the first user to the second user, the reply comprising anacceptance or a refusal of the request to grant the right of the firstuser to the second user, wherein: if the reply comprises the acceptance:grant the right of the first user to the second user; and if the replycomprises the refusal: decline granting the right of the first user tothe second user; and at the request of the first user or the seconduser, revoke a right granted by the first user to the second user,wherein the right granted by the first user to the second user isrevoked regardless of whether the request to revoke is made by the firstuser or the second user, wherein the right is defined as a functionR=f(A, O, P, C), where R is the right, A is one or more actionsauthorized by the granting of the right, O is one or more objects of theone or more actions authorized by the granting of the right, P is one ormore parties bound by the granting of the right, and C is one or moreconditions imposed upon the granted right.
 16. A system according toclaim 15, wherein the instructions, when executed, further enable theone or more processors, in communication with the one or more clientdevices, to: if the reply comprises the acceptance: transmit to thefirst user notification of (a) the acceptance and/or (b) the granting ofthe right; and if the reply comprises the refusal: transmit to the firstuser notification of (a) the refusal and/or (b) the non-granting of theright.
 17. A system according to claim 15, wherein the instructions,when executed, further enable the one or more processors, incommunication with the one or more client devices, to: associate theright of the first user with the first user.
 18. A system according toclaim 15, wherein the instructions, when executed, further enable theone or more processors, in communication with the one or more clientdevices, to: authenticate at least one of the first user and the seconduser, wherein the step of authenticating at least one of the first userand the second user comprises verifying at least one of (i) the identityof the respective user and (ii) the credentials of the respective user.19. A system according to claim 15, wherein the instructions, whenexecuted, further enable the one or more processors, in communicationwith the one or more client devices, to: determine whether a given userhas been granted a given right; if the given user has been granted thegiven right, authorize the given user to exercise the given right; andif the given user has not been granted the given right, denyauthorization to the given user to exercise the given right.
 20. Asystem according to claim 19, wherein the instructions, when executed,further enable the one or more processors, in communication with the oneor more client devices, to: wherein, for any performed instance of thegranting of the right of the first user to the second user, a result ofthe performance thereof is recorded as a first recorded resultcomprising information indicating the right, the first user and thesecond user, wherein for any performed instance of the revoking of aright granted by the first user to the second user, a result of theperformance thereof is recorded as a second recorded result comprisinginformation indicating the right revoked, the first user, and the seconduser, and wherein the determination whether a given user has beengranted a given right is made based on the first and second recordedresults.
 21. A system according to claim 15, wherein the instructions,when executed, further enable the one or more processors, incommunication with the one or more client devices, to: receive a queryfrom a third party as to whether a given user has been granted a givenright; determine whether the given user has been granted the givenright; and transmit to the third party a reply to the query, the replyindicating whether the given user has been granted the given right.